Scan Report
5/100
google-drive-service-account
Access Google Drive from OpenClaw using either service-account JSON or OAuth refresh token for search, listing, download, export, upload, and folder creation
This is a legitimate Google Drive helper using OAuth/service-account auth, with no malicious behavior detected.
Safe to install
No action required. This is a safe, well-implemented skill for Google Drive file operations.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Consistent | SKILL.md: upload, mkdir, --out for download/export |
| Network access | READ | READ | ✓ Consistent | SKILL.md: all Drive API operations; gdrive_sa.py: DRIVE_API_BASE |
| Command execution | WRITE | WRITE | ✓ Consistent | skill metadata bins: [openssl]; gdrive_sa.py:143 subprocess openssl for RS256 si… |
| Environment variables | READ | READ | ✓ Consistent | SKILL.md: GOOGLE_OAUTH_REFRESH_TOKEN, GOOGLE_SERVICE_ACCOUNT_KEY, GOOGLE_CLIENT_… |
| Skill invocation | NONE | NONE | — | No skill_invoke usage |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
1 finding
Info · Email · Email address
[email protected] SKILL.md:57
Directory structure
2 files · 18.4 KB · 535 lines
Python 1f · 392L
Markdown 1f · 143L
├─ scripts
│  └─ gdrive_sa.py (Python)
└─ SKILL.md (Markdown)
Security highlights
✓ All file writes are scoped to user-specified --out paths with parent directory creation
✓ Temp files for private key signing use 0o600 permissions (owner-only read/write)
✓ All network requests target Google's official APIs (apis.google.com, oauth2.googleapis.com)
✓ Service account JSON is validated for required fields before use
✓ No credential exfiltration - tokens stay local and are used only for API calls
✓ No base64 obfuscation, no curl|bash patterns, no sensitive path traversal
✓ Skill metadata explicitly declares openssl and python3 as required binaries
✓ Multipart upload is handled entirely in-memory without temp files on disk
✓ JWT signing subprocess is scoped to a single, well-defined cryptographic operation